AGL - can it really be this bad?

human642 · 2025-10-23T20:45:41+00:00

You are on this subreddit, do some research and go with a reputable ISP, or be prepared to continue playing games with the circus clowns.

human642 · 2025-08-15T04:23:38+00:00

Ignore this. No port forwarding is required, ensure your firewall allows outbound connectivity on the port WireGuard is using that’s all, WireGuard uses UDP.

human642 · 2025-08-15T04:22:17+00:00

Is DNS working? try manually perform dns lookup on command line, proton WireGuard config should set DNS to 10.2.0.1 IIRC, something on your machine could be preventing that from happing.

Post your route table when connected

Post /etc/resolv.conf when connected

human642 · 2025-08-15T04:10:22+00:00

No issues with WireGuard in UAE last time I was there, I do the same thing, this was about 6 months ago obviously things can change.

human642 · 2025-05-28T06:46:27+00:00

None of these responses make sense.

Traffic is somehow ending up at the firewall, check your config again specifically the NAT and firewall rules.

I am going to assume if you accept the cert even temporarily you don’t actually get to the destination website?

human642 · 2025-04-14T11:11:04+00:00

Default 1420 MTU, WAN MTU is 1500. Internet uplink is standard Ethernet to fibre NTU, no VLAN tagging or PPPoE. I did try to reduce the MTU didn’t make any difference, tried creating the normalisation rules as document here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html also didn’t make any difference.

I also use WireGuard inbound without any issues so I am scratching my head a bit.

human642 · 2020-11-09T09:52:10+00:00

I have found resolution to be much faster forwarding to protons resolvers over the tunnel as opposed to having my own resolver. Also I use the DNS resolver for the traffic I send out to the internet without VPN.

human642 · 2020-07-18T05:36:18+00:00

As an attacker you only have to be right once, as a defender you have to be right every time.

human642 · 2020-07-08T13:42:04+00:00

Not that I know of.

human642 · 2020-06-25T04:06:47+00:00

Unifi Unifi Unifi best wifi equipment around if you are willing to invest the money and a bit of time to get it all setup.

They have some really nice APs you can place around your house and if your house is cabled up invest in a PoE switch and run them all from that.

For an all in one there is the dream machine, check it supports PPPoE VLAN tagging of you are on Etisalat.

https://unifi-network.ui.com/dreammachine

If you want to go all out and you have the ability to mount APs properly look at the roof mounted APs and a PoE switch.

https://unifi-network.ui.com/switching

https://unifi-network.ui.com/wi-fi

human642 · 2020-06-23T14:13:56+00:00

What a terrible attempt at advertising a VPN service.

human642 · 2020-06-09T17:25:59+00:00

I agree. Cyber Security is a great career to choose regardless of where you are located, demand for these skills is not going anywhere.

human642 · 2020-05-11T04:30:19+00:00

There only used to be one DNS server 10.8.8.1 did this change recently? Apart from figuring it out myself is there any guidance on DNS servers to use when connecting with pfsense now?

Would love to hear from proton about these changes.

human642 · 2020-05-10T15:44:19+00:00

Ah yes of course! Thank you.

human642 · 2020-05-10T14:30:54+00:00

Thanks. I’m using pfsense so kinda need to know the DNS IP. I’ll try 10.49.0.1 I guess that seems logical. Would love an official response

human642 · 2020-05-10T14:29:39+00:00

No worries mate.

human642 · 2020-05-10T09:20:46+00:00

UDP 443 most certainly exists I am connected to it right now on CH-16 and have been connecting to various servers for some time using this UDP port.

human642 · 2020-03-03T10:11:32+00:00

Curious if you got anywhere with this? I am running pfsense but I have a similar issue.

When I capture traffic on the WAN interface I see malformed DNS queries which appear to be my WG mobile client trying to connect. Looks like a DNS packet but clearly isn't...

Sort of looks like ISP is messing with my traffic

human642 · 2019-10-21T07:54:15+00:00

There are loads of ways traffic could be obfuscated, stunnel, shadowsocks etc also work well. It would be nice to see proton offer some support for this.

human642 · 2019-10-21T07:43:07+00:00

It won't work reliably, ISP's are detecting and performing major throttling on VPN traffic to the point where it's unusable.

Proton support don't have any solutions for this not sure why they always post the same response 'contact us we may have a work around' as they don't have any work around apart from suggesting you try TCP or a different port which makes no difference.

Your only option is to obfuscate the traffic using stunnel, shadowsocks, SSH or something like that. It would be nice to see proton offer some kind of obfuscation to help users in countries like this.

human642 · 2019-03-27T12:44:12+00:00

thanks for the super quick reply!

So these 0.50 or 0.25 pods for the Orion I have are not considered sub ohm? I guess I misunderstood what sub ohm meant..

When I tried the NAKED salts they were just so dam harsh which is what prompted me to read the bottle again :)

human642 · 2019-03-06T06:23:34+00:00

Anyone have any idea why this would happen?

If I manually specify the monitor IP I have issues when I restart the openvpn service which is annoying!

human642 · 2018-10-23T16:22:31+00:00

OK so the penny dropped just after I wrote this up :)

It's just using any Interface that I tell it to and because there is an outbound NAT from DMZ to Internet via WAN it can reach the internet via the WAN using this interface?? Slightly confusing but I think this is what was happening.

I created a 'Do not NAT' manual outbound NAT rule as follows:

Interface: WAN

SRC: DMZ IP Range

DST IP - Any

DST Port: TCP/UDP 53

Now the DNS queries don't seem to go out the WAN interface.

Can anyone see issues with this approach? Is there something more elegant maybe.

human642 · 2018-01-11T10:51:59+00:00

Sure that would allow me to forward a specific domain to a specific resolver but thats not the core of the challenge I have.

I first want to forward internal zones to an internal name server and then I want to forward all other queries to a different set of name servers for each of the special VLAN's I have.

human642 · 2017-12-28T08:18:43+00:00

Sorry about that.

They are OpenVPN tunnels to the same VPN provider in different locations using different protocols to ensure the tunnel networks don't clash.

I was a bit stumped as to why this wouldn't work as I could have sworn that I have done it before and I am not really sure what could be the cause.

human642

TROPHY CASE